WaB's downgrader.

[inky]

I'm really surprised none of the poor souls who upgraded are going apesh*t yet.
http://www.pspupdates.com/2005/07/wa....html#comments
I've just made the psp scene rounds and NO ONE is talking about this. I just don't get it. I would test it but I don't need to :P it appears to be source code.

[Alto]

Same here, very weird :eh:

[junkmate]

mate, i was thinking the same thing!
i got myself assuming i had misunderstood or something, and it was in fact something completely different heh. every day i read about 1.5+ users wishing for this update... deafening silence - theres a nice juxtaposition for you.

[EPChris]

That's because it's not really a downgrader, it appears to be a decrypted 1.50 update so that people can start working on making a downgrader. Here's from their README:

Quote:

You can now work on a downgrader 1.51 & 1.52 from the decrypted elf
updater 1.50.

you can get many info and prx like PSAR.prx embeded on the elf the
version.txt for the updater embeded in the elf too many good info .

[inky]

maybe all the 1.5+'ers are still asleep?!? I know I wish I was lol
but really I have been to just about every major forum and not a peep.
oh well not my problem eh? mwahahaha

[The_Bionic_Jawa]

Quote:

Originally Posted by inky

maybe all the 1.5+'ers are still asleep?!? I know I wish I was lol
but really I have been to just about every major forum and not a peep.
oh well not my problem eh? mwahahaha

Maybe all the 1.5+ people have just given up? (Or are dead after finnaly killing themselves for upgrading thier PSP)

[inky]

Quote:

Originally Posted by The_Bionic_Jawa

Maybe all the 1.5+ people have just given up? (Or are dead after finnaly killing themselves for upgrading thier PSP)

if we could be so lucky :P

[PopeOfDope]

i have 1.52 but im not sure whether i should be excited or not.
Its not an actual downgrader, its an .elf file, which i have no idea as to what it contains or does.
The developers can look at it, but im not sure what they can achieve from it and in what timespan. Will it take weeks of analyzing to find a possible hole so that we can downgrade? Or will it take a matter of days and the exploit will be released?
This elf file will probably lead to a downgrade, im assuming this is the information that Team Xecuter passed along when mentioning the possibility of a soft downgrade. Whats not certain is when a downgrader will actually come out.

[Alto]

btw, is it possible to "accidentaly" upgrade it ?

[EPChris]

Sure, you can do what I did and be excited that you just bought a PSP and want to try out it's wireless networking stuff the minute you get it, waaaay before you ever even heard of psphacker/pspupdates/homebrew limitations, etc.

[Alto]

But at least you got a message like "upgrade your psp ? y/n" you have to be unaware of the firmware limitation to make a mistake no ?

[corneliousjd]

it doesn't downgrade. its the unencrypted elf binaries of the firmware update.

it doesn't do anything close to downgrading, the file says "a starting point for developers looking to downgrade"

i wish it was a downgrader though... :wall:

[seanraf]

Does anyone think the WAB themselves are using this .elf to work on a downgrader?

[inky]

Quote:

Originally Posted by seanraf

Does anyone think the WAB themselves are using this .elf to work on a downgrader?

since they released this with a "you do it" kinda attitude I'd say no.

[Cow]

Well to me it seems fairly easy to just hack the the 1.50 EBOOT and change a couple of things in the code:
"lflash0:0,0"
"lflash0:0,1"
"lflash0:0,2"
"lflash0:0,3"
"fatfmt"
"flash0:"
"flash1:"
"flashfat2:"
"flashfat3:"

//Updater Version Checker
release:1.00:.build:89,0,3,1,0:root@p sp-vsh
system:17756@release_103a ,0x01000300:
vsh:p4231@updater_for_day 1,v11488@updater_for_day1 ,20050304:
//

If you can change the above "1.00" to "1.51" or "1.52" wouldn't that force the firmware to install itself? Please forgive me if there is in obvious flaw in my theory. I have no coding expierience besides html and a little actionscript. And if you see an obvious flaw please explain it.

[inky]

I think that line is trying to fool the 1.50 updater into thinking you have a 1.00 psp. but I know Jack-all about coding :P

[Cow]

Heh just noticed that... ok new theory:

Find the code in the 1.50 EBOOT.PBP that handles the version check and replace it with the WAB team's code which as you said would fool it into thinking it allready knows that the firmware is,1.00.

[Raere]

Come one devs! You can do it! I really wish I could help, but I know nothing about coding. I'm very willing to test any attempts with this new code (I have a 1.51). :drool:

[Cow]

If I knew anything about the coding(or could hack into and edit it) used in the 1.50 EBOOT.PBP and could recognize the code that handled the version checker we may have ourselves a downgrader! Come on developers could you atleast throw me a bone and help me out?

[nwlilman]

Those are good theories, but:

There are a few things to consider:
1) The modified code MIGHT have to be re-encrypted
2) Modifying the code MIGHT throw off any signatures that the PSP checks for, rendering the file useless.

I know I sound pessimistic, but I just want to point that out. I hope I am wrong. Good luck to the people working on this and keep up the hard work.

[rumdada]

Note: This file will NOT downgrade your firmware, it's for developers to use who wish to examine this as a starting point for downgrading.
I have mixed emotions i mean i can see the homebrew apps on my psp but i cant launch them i get a game could not be started. (8002148)

[Cow]

Quote:

Originally Posted by nwlilman

Those are good theories, but:

There are a few things to consider:
1) The modified code MIGHT have to be re-encrypted
2) Modifying the code MIGHT throw off any signatures that the PSP checks for, rendering the file useless.

I know I sound pessimistic, but I just want to point that out. I hope I am wrong. Good luck to the people working on this and keep up the hard work.

Good Point... Man I wish I could try out some of my theories. I just hope they don't turn a PSP into a $250 brick. Which could happen if the firmware ends up corrupted. But TeamXecuter managed to get the firmware downgraded and the key to the downgrade seems to be the code WAB just released. So it only needs a little care and a bit of work for the downgrade to be successful.

[logicbomb.de]

Not to be a conspiracy theorist or anything, but I have a HUNCH, nothing more, that Team Xececuter is the playing the anonymous tipster role and is hooking up teams like PSP-DEV and WAB with tidbits here and there of advancements and discoveries that the've made.

if you recall in an earlier announcemnt by Team X in May that they had already had hombrew and and games running on all versions of fimware and hinted that if it "it did require some sort of of hardware hack, you'd be dissapointed? We don't think so"

i'm purely guessing that Team X was able to decrypt the update EBOOT.PBP and pass it along to WAB to "release" to the (mostly *****y and ungrateful) public for other Devs to possibly incorporate this into a possible soft downgrader, and for the nay-sayers and fan boys to ***** about why WAB themselves havent released a downgrader yet, because,[SARCASM] I mean they got the source code and it soooooo simple, just throw your source and .ELF file into the DATA folder and hit the compile button, right?! [/SARCASM] :liar:

[ohgod]

I think most of the people that did upgrade to 1.5+ wouldnt know what to do with this information. Thats why they arent going crazy.

[SupaDawg]

nwlil is probly right. The problem remains getting 1.51/1.52 to run unsigned code, which a re-compiled elf would become. unfortunatly, until we ascertain how sony signs their software upgrade this is useless information.

[Cow]

Well I almost got my PSP to downgrade(1.51) by tricking it into thinking the 1.50 was 1.52 using PBP unpacker,but it came up with can't do the update because of corrupt data(which it was not). SupaDawg must be right... :wall: but there are more things I have not tried! So there is hope!

EDIT: Tried everything I could think of but it looks like they only way to downgrade is with WAB's code :doh: ...Well looks like the dev's get to have fun making it work somehow. :Pray:

[Vale]

Quote:

Originally Posted by Cow

Well I almost got my PSP to downgrade(1.51) by tricking it into thinking the 1.50 was 1.52 using PBP unpacker,but it came up with can't do the update because of corrupt data(which it was not). SupaDawg must be right... :wall: but there are more things I have not tried! So there is hope!

EDIT: Tried everything I could think of but it looks like they only way to downgrade is with WAB's code :doh: ...Well looks like the dev's get to have fun making it work somehow. :Pray:

You can't do it that way the way the update files are made only change what is nessessary(else they would all be 32 mb updates). Basicly you'd have to inverse all the commands inside the update file. Example:

1. Open up notepad and type 70 random letters and numbers
2. Change the 15th to 25th characters to "0" <- Simulated 1.50 patch
3. Then Change the 45th - 55th characters to "A" <- simulated 1.51+ patch
4. Repeat step 2 <- simulation of putting the instruction set from 1.50 inside the 1.51 eboot

That gives you basicly a 1.50 / 1.51+ hybrid still making your PSP not being able to run homebrew because the flash is still being told to check for authenication, because authenication wasnt touched in the 1.50 update

To downgrade the right way would be to take the 1.51+ eboot file and take the instruction set and reverse it:

1. At line 500 Change all "A" to "F"

would turn into:

1. At line 500 Change all "F" to "A"



Its simple math:
(disclaimer: these numbers are ONLY representation of implying patches/etc not real versions)
(Firmware * 1.50 Update) / (1.51 Update) = Current Firmware
(5*3) / (5) = 3.75


Ok so now were on version 1.51 now so
(Current Firmware * 1.50 Update) = Current Firmware
(3.75 * 3) = 11.25

As you can see it doesnt work the way you put it... Any questions or flames about this post? PM me then and ill explain it deeper...

[inky]

[edit] I don't think what the wab code is implying is smashing together 1.52 and 1.50. but rather making 1.50 report that it is 1.5+ to the updater.
[2nd edit!) or making the updater think you have firmware 1.0 instead of 1.5+ allowing you to flash 1.50. *shrugs*

[Vale]

its already linked in my siggy and second its true you can't do it that way, just trying to prove a point... im looking forward just as much as everyone else is to downgrading... just trying to keep people from taking steps backwards. Sorry if that offends you.

[Edit] Misunderstanding: That was directed at cows attempt to downgrade, not the WAB and inky

[Cow]

Vale: So in my case I would have to edit the 1.51 eboot to removing what it did and replace it with whatever the firmware needs to become 1.50. That makes sense but it doesn't seem like something easy... So following this same logic there would have to be another downgrader created everytime Sony made a firmware update?

What about WAB's code? It seems to fool the PSP into think it is still 1.00 but is it even possible to downgrade after what the upgrades do to the firmware? Seems to me we'd need the entire firmware to make a real solution to the downgrade process.